Facilitating hitless security key rollover using data plane feedback

ABSTRACT

A first network device may install a receiving key for decrypting traffic on protocol hardware associated with a data plane of the first network device. The first network device may receive, from the data plane, a first notification indicating that the receiving key is installed on the protocol hardware and may provide, to a second network device, a first message identifying the receiving key. The first network device may receive, from the second network device, an acknowledgment message indicating that the receiving key is installed on the second network device and may install a transmission key for encrypting traffic on the protocol hardware. The first network device may receive, from the data plane, a second notification indicating that the transmission key is installed on the protocol hardware and may provide, to the second network device, a second message identifying the transmission key.

CROSS-REFERENCE TO RELATED APPLICATION

This application claims priority to Indian Provisional Application No.202041019240 entitled “FACILITATING HITLESS SECURITY KEY ROLLOVER USINGDATA PLANE FEEDBACK,” filed on May 6, 2020. The entire content of whichis expressly incorporated herein by reference.

BACKGROUND

Media access control security (MACsec) is a security standard, definedby the Institute of Electrical and Electronics Engineers (IEEE) 802.1AE,that defines connectionless data confidentiality and integrity for mediaaccess independent protocols. The MACsec standard specifies a set ofprotocols to meet security requirements for protecting data traversingEthernet local area networks (LANs). MACsec defines a securityinfrastructure to provide data confidentiality, data integrity, and dataorigin authentication.

SUMMARY

According to some implementations, a method may include receiving, by afirst network device, encryption data identifying a receiving key fordecrypting traffic, and a transmission key for encrypting traffic;installing, by the first network device, the receiving key on protocolhardware associated with a data plane of the first network device;receiving, from the data plane of the first network device, a firstnotification indicating that the receiving key is installed on theprotocol hardware; providing, by the first network device and to asecond network device, a first key agreement control message identifyingthe receiving key, wherein the first key agreement control message isprovided based on receiving the first notification; receiving, by thefirst network device and from the second network device, anacknowledgment message indicating that the receiving key is installed onthe second network device; installing, by the first network device, thetransmission key on the protocol hardware based on receiving theacknowledgment message; receiving, from the data plane of the firstnetwork device, a second notification indicating that the transmissionkey is installed on the protocol hardware; and providing, by the firstnetwork device and to the second network device, a second key agreementcontrol message identifying the transmission key, wherein the second keyagreement control message is provided based on receiving the secondnotification.

According to some implementations, a first network device may includeone or more memories and one or more processors to: receive encryptiondata identifying a first key for decrypting traffic, and a second keyfor encrypting traffic; install the first key on protocol hardwareassociated with a data plane of the first network device; receive, fromthe data plane, a first notification indicating that the first key isinstalled on the protocol hardware; provide, to a second network device,a first key agreement control message identifying the first key, whereinthe first key agreement control message is provided based on receivingthe first notification; receive, from the second network device, a firstacknowledgment message indicating that the first key is installed on thesecond network device; install the second key on the protocol hardwarebased on receiving the first acknowledgment message; receive, from thedata plane, a second notification indicating that the second key isinstalled on the protocol hardware; provide, to the second networkdevice, a second key agreement control message identifying the secondkey, wherein the second key agreement control message is provided basedon receiving the second notification; and receive, from the secondnetwork device, a second acknowledgment message indicating that thesecond key is installed on the second network device.

According to some implementations, a non-transitory computer-readablemedium may store one or more instructions. The one or more instructions,when executed by one or more processors of a first network device, maycause the one or more processors to: receive encryption data identifyinga receiving key for decrypting traffic and a transmission key forencrypting traffic; install the receiving key on protocol hardwareassociated with a data plane of the first network device; receive, fromthe data plane, a first notification indicating that the receiving keyis installed on the protocol hardware; provide, to a second networkdevice, a first key agreement control message identifying the receivingkey, wherein the first key agreement control message is provided basedon receiving the first notification; receive, from the second networkdevice, a first acknowledgment message indicating that the receiving keyis installed on the second network device; install the transmission keyon the protocol hardware based on receiving the first acknowledgmentmessage; receive, from the data plane, a second notification indicatingthat the transmission key is installed on the protocol hardware;provide, to the second network device, a second key agreement controlmessage identifying the transmission key, wherein the second keyagreement control message is provided based on receiving the secondnotification; receive, from the second network device, a secondacknowledgment message indicating that the transmission key is installedon the second network device; encrypt traffic with the transmission keybased on receiving the first acknowledgment message and to generateencrypted traffic; and provide the encrypted traffic to the secondnetwork device to cause the second network device to decrypt theencrypted traffic with the receiving key.

BRIEF DESCRIPTION OF THE DRAWINGS

FIGS. 1A-1J are diagrams of an example implementation described herein.

FIG. 2 is a diagram of an example environment in which systems and/ormethods described herein may be implemented.

FIGS. 3-4 are diagrams of example components of one or more devices ofFIG. 2.

FIGS. 5-7 are flowcharts of example processes relating to facilitatinghitless security key rollover.

DETAILED DESCRIPTION

The following detailed description of example implementations refers tothe accompanying drawings. The same reference numbers in differentdrawings may identify the same or similar elements.

Various security protocols, such as media access control security(MACsec) protocol, Internet protocol security (IPsec) protocol, and/orthe like, are used for secured communications between network devices.In one example, during use of the MACsec protocol, security keys (e.g.,comprising a transmission key, a receiving key, and/or the like) arecreated and maintained between communicating network devices forencryption and decryption of traffic (e.g., network traffic communicatedbetween the network devices via a MACsec communication link). Forexample, a transmitting network device may use a transmission key toencrypt and send traffic to a receiving network device that uses areceiving key to decrypt the traffic. The security keys need to bechanged from time to time in order to ensure that the MACseccommunication link between communicating network devices remainssecured. This may be referred to as a key rollover (e.g., when thenetwork devices install and/or use new security keys).

In order to facilitate a key rollover, a key server network deviceinitiates (e.g., using a protocol daemon in a control plane of the keyserver network device) an install of a new receiving key on the keyserver network device (e.g., in the data plane of the key server networkdevice) and sends the receiving key to a peer network device, whichinitiates (e.g., using a protocol daemon in a control plane of the peernetwork device) an install of the new receiving key on the peer networkdevice (e.g., in the data plane of the peer network device). The peernetwork device then sends (e.g., using the protocol daemon of the peernetwork device) a first acknowledgment to the key server network deviceindicating that the peer network device has initiated installation ofthe receiving key. The key server network device initiates (e.g., usingthe protocol daemon of the key server network device), based onreceiving the first acknowledgment, an install of a new transmission keyon the key server network device (e.g., in the data plane of the keyserver network device). Accordingly, the key server network deviceencrypts, after installing the new transmission key on the key servernetwork device, traffic using the new transmission key and sends thetraffic to the peer network device to be decrypted using the newreceiving key. Moreover, the key server network device sends thetransmission key to the peer network device, which initiates (e.g.,using the protocol daemon of the peer network device) an install of thenew transmission key on the peer network device (e.g., in the data planeof the peer network device). The peer network device then sends (e.g.,using the protocol daemon of the peer network device) a secondacknowledgment to the key server network device indicating that the peernetwork device has initiated installation of the new transmission key.

However, the above scheme relies on messages being sent wheninstallation of a new security key has initiated (as opposed to wheninstallation of the new security key is complete). Consequently, a peernetwork device may not have finished installing a new receiving key whena key server network device starts to transmit traffic to the peernetwork device that has been encrypted using a new transmission key (andthat can be decrypted using only the new receiving key). This may bebecause the peer network device has encountered processing or schedulingdelays associated with other activities involving the data plane of thepeer network device, and thus installation of the receiving key has notyet occurred. The peer network device may therefore receive traffic thatthe peer network device cannot decrypt (e.g., because the peer networkdevice has not finished installing the new receiving key), which resultsin traffic loss. Furthermore, the key server network device, the peernetwork device, and/or the like may consume computing resources (e.g.,processing resources, memory resources, power resources, and/or thelike) to recommunicate the traffic from the key server network device tothe peer network device (e.g., after the peer network device hasfinished installing the receiving key) due to the traffic loss.

Some implementations described herein provide a key server networkdevice and a peer network device that send messages when installation ofa new security key is complete. In some implementations, a protocoldaemon of a control plane of the key server network device maycommunicate with a data plane daemon of a data plane of the key servernetwork device to install a receiving key on the data plane of the keyserver network device. After installation of the receiving key iscomplete, the data plane daemon may notify the protocol daemon that thereceiving key is installed, which allows the protocol daemon to send afirst key agreement control message that includes the receiving key tothe peer network device. A protocol daemon of a control plane of thepeer network device may communicate, based on the first key agreementcontrol message, with a data plane daemon of a data plane of the peernetwork device to install the receiving key on the data plane of thepeer network device. After installation of the receiving key iscomplete, the data plane daemon may notify the protocol daemon that thereceiving key is installed, which allows the protocol daemon to send, tothe key server network device, a first acknowledgment message indicatingthat the receiving key is installed on the peer network device.

In some implementations, the protocol daemon of the key server networkdevice may communicate, based on receiving the first acknowledgmentmessage, with the data plane daemon of the key server network device toinstall a transmission key on the data plane of the key server networkdevice. After installation of the transmission key is complete, the dataplane daemon may notify the protocol daemon that the transmission key isinstalled. Accordingly, the key server network device may encrypt, usingthe transmission key and based on receiving the first acknowledgmentmessage, traffic received from an origination endpoint device and mayprovide the encrypted traffic to the peer network device. The peernetwork device may decrypt, using the receiving key, the encryptedtraffic and may send the traffic to a destination endpoint device.

Additionally, or alternatively, after installation of the transmissionkey is complete and the protocol daemon has been notified that thetransmission key is installed, the protocol daemon may send a second keyagreement control message that includes the transmission key to the peernetwork device. The protocol daemon of the peer network device maycommunicate, based on the second key agreement control message, with thedata plane daemon of the peer network device to install the transmissionkey on the data plane of the data plane of the peer network device.After installation of the transmission key is complete, the data planedaemon may notify the protocol daemon that the transmission key isinstalled, which allows the protocol daemon to send, to the key servernetwork device, a second acknowledgment message indicating that thetransmission key is installed on the peer network device.

In this way, the key server network device and/or the peer networkdevice may facilitate a hitless security key rollover (e.g., a securitykey rollover that eliminates traffic loss, which is also referred to aszero packet loss). This may eliminate a need to consume computingresources (e.g., processing resources, memory resources, powerresources, and/or the like) to recommunicate traffic from the key servernetwork device to the peer network device. Further, some implementationsdescribed herein provide key rollover without resetting peering sessions(e.g., MACsec sessions, IPsec session, and/or the like) associated withthe key server network device and/or the peer network device; withoutinterrupting the security protocol associated with the key servernetwork device and/or the peer network device (e.g., the MACsecprotocol, the IPsec protocol, and/or the like); and/or the like.Moreover, some implementations described herein increase an overallpredictability and/or stability of the key server network device and/orthe peer network device, which may improve a performance of the keyserver network device and/or the peer network device.

FIGS. 1A-1J are diagrams of one or more examples 100 associated withfacilitating hitless security key rollover. As shown in FIGS. 1A-1J,example(s) 100 includes a plurality of endpoint devices and a pluralityof network devices. As shown in FIG. 1A, the plurality of networkdevices may be included in a network and may include a key servernetwork device and one or more peer network devices. The plurality ofendpoint devices may communicate with each other via the network thatincludes the plurality of network devices.

As shown in FIGS. 1B-1I, each network device may be associated with acontrol plane (also referred to as a protocol layer) and a data plane.The control plane of the network device may include a protocol daemon(e.g., a process or a program) that operates in the background of thecontrol plane of the network device to control installation of one ormore security keys on the network device and/or to communicate withother network devices to exchange the one or more security keys. Thedata plane of the network device may include a data plane daemon andprotocol hardware (e.g., hardware to receive traffic, forward traffic,encrypt traffic, decrypt traffic, and/or the like). The data planedaemon (e.g., a process or a program) may operate in the background ofthe data plane of the network device to obtain the one or more securitykeys from the protocol daemon of the control plane and to install theone or more security keys on the protocol hardware (e.g., to allow thenetwork device to encrypt and/or decrypt traffic based on the one ormore security keys). The network device, the protocol daemon, the dataplane daemon, the protocol hardware, and/or the like may be associatedwith a security protocol, such as a media access control security(MACsec) protocol, an Internet protocol security (IPsec) protocol,and/or the like.

As shown in FIG. 1B and by reference number 105, a protocol daemon ofthe key server network device may receive encryption data (e.g., from anendpoint device of the plurality of endpoint devices, another networkdevice of the plurality of network devices, and/or the like). Theencryption data may identify one or more security keys (e.g., one ormore MACsec keys, one or more IPsec keys, and/or the like). In someimplementations, the encryption data may identify a receiving key fordecrypting traffic and/or a transmission key for encrypting traffic.

In some implementations, the protocol daemon may receive the encryptiondata at a certain time that is a particular amount of time afterreceiving former encryption data (e.g., that includes one or more formersecurity keys, such as a former receiving key, a former transmissionkey, and/or the like). For example, the protocol daemon of the keyserver may receive the encryption data 10 seconds, 30 seconds, 1 minute,10 minutes, and/or the like, after receiving the former encryption data.Additionally, or alternatively, the protocol daemon may receive theencryption data after a particular quantity of packets is processedusing the one or more former security keys (e.g., after the particularquantity of packets is encrypted and/or decrypted using the one or moreformer security keys). For example, the protocol daemon may receive theencryption data after 1,000 packets, 10,000 packets, 25,000 packets,and/or the like are processed using the one or more former securitykeys.

In some implementations, the protocol daemon may communicate with thedata plane daemon of the key server network device to cause thereceiving key to be installed on the data plane of the key servernetwork device. For example, the protocol daemon may send, to the dataplane daemon, a request for installation of the receiving key. As shownby reference number 110, the data plane daemon may install (or cause tobe installed) the receiving key on the protocol hardware of the keyserver network device (e.g., based on the request from the protocoldaemon). For example, the data plane daemon may program the receivingkey into the protocol hardware.

As shown in FIG. 1C, the data plane daemon may determine thatinstallation of the receiving key on the protocol hardware is complete.For example, the protocol hardware may send, upon completion of theinstallation of the receiving key on the protocol hardware and to thedata plane daemon, a message indicating that installation of thereceiving key on the protocol hardware is complete.

As shown by reference number 115, the data plane daemon may send, to theprotocol daemon, a notification indicating that the receiving key isinstalled on the protocol hardware (e.g., based on determining thatinstallation of the receiving key on the protocol hardware is complete).As shown by reference number 120, the protocol daemon may provide (e.g.,send, transmit, forward, and/or the like), to a peer network device, afirst key agreement control message (e.g., based on receiving thenotification indicating that the receiving key is installed on theprotocol hardware). The first key agreement control message may identifythe receiving key (e.g., to allow the receiving key to be installed onthe peer network device).

As shown in FIG. 1D and by reference number 125, the protocol daemon ofthe peer network device may receive the first key agreement controlmessage (e.g., that the protocol daemon of the key server network devicesent to the peer network device). In some implementations, the protocoldaemon may communicate with the data plane daemon of the peer networkdevice to cause the receiving key to be installed on the data plane ofthe peer network device. For example, the protocol daemon may send, tothe data plane daemon, a request for installation of the receiving key.

As shown by reference number 130, the data plane daemon may install (orcause to be installed) the receiving key on the protocol hardware of thepeer network device (e.g., based on the request from the protocoldaemon). For example, the data plane daemon may program the receivingkey into the protocol hardware.

As shown in FIG. 1E, the data plane daemon may determine thatinstallation of the receiving key on the protocol hardware is complete.For example, the protocol hardware may send, upon completion of theinstallation of the receiving key on the protocol hardware and to thedata plane daemon, a message indicating that installation of thereceiving key on the protocol hardware is complete.

As shown by reference number 135, the data plane daemon may send, to theprotocol daemon, a notification indicating that the receiving key isinstalled on the protocol hardware (e.g., based on determining thatinstallation of the receiving key on the protocol hardware is complete).As shown by reference number 140, the protocol daemon may provide (e.g.,send, transmit, forward, and/or the like), to the key server networkdevice, a first acknowledgment message (e.g., based on receiving thenotification indicating that the receiving key is installed on theprotocol hardware). The first acknowledgment message may indicate thatthe receiving key is installed on the peer network device.

As shown in FIG. 1F and by reference number 145, the protocol daemon ofthe key server network device may receive the first acknowledgmentmessage (e.g., that the protocol daemon of the peer network device sentto the key server network device). In some implementations, the protocoldaemon may communicate with the data plane daemon of the key servernetwork device to cause the transmission key (e.g., that is identifiedin the encryption data that was received by the protocol daemon, asdescribed herein in relation to FIG. 1B and reference number 105) to beinstalled on the data plane of the key server network device (e.g.,based on the first acknowledgment message). For example, the protocoldaemon may send, to the data plane daemon, a request for installation ofthe transmission key.

As shown by reference number 150, the data plane daemon may install (orcause to be installed) the transmission key on the protocol hardware ofthe key server network device (e.g., based on the request from theprotocol daemon). For example, the data plane daemon may program thetransmission key into the protocol hardware.

As shown in FIG. 1G, the data plane daemon may determine thatinstallation of the transmission key on the protocol hardware iscomplete. For example, the protocol hardware may send, upon completionof the installation of the transmission key on the protocol hardware andto the data plane daemon, a message indicating that installation of thetransmission key on the protocol hardware is complete.

As shown by reference number 155, the data plane daemon may send, to theprotocol daemon, a notification indicating that the transmission key isinstalled on the protocol hardware (e.g., based on determining thatinstallation of the transmission key on the protocol hardware iscomplete). As shown by reference number 160, the protocol daemon mayprovide (e.g., send, transmit, forward, and/or the like), to the peernetwork device, a second key agreement control message (e.g., based onreceiving the notification indicating that the transmission key isinstalled on the protocol hardware). The second key agreement controlmessage may identify the transmission key (e.g., to allow thetransmission key to be installed on the peer network device).

As shown in FIG. 1H and by reference number 165, the protocol daemon ofthe peer network device may receive the second key agreement controlmessage (e.g., that the protocol daemon of the key server network devicesent to the peer network device). In some implementations, the protocoldaemon may communicate with the data plane daemon of the peer networkdevice to cause the transmission key to be installed on the data planeof the peer network device. For example, the protocol daemon may send,to the data plane daemon, a request for installation of the transmissionkey.

As shown by reference number 170, the data plane daemon may install (orcause to be installed) the transmission key on the protocol hardware ofthe peer network device (e.g., based on the request from the protocoldaemon). For example, the data plane daemon may program the transmissionkey into the protocol hardware.

As shown in FIG. 1I, the data plane daemon may determine thatinstallation of the transmission key on the protocol hardware iscomplete. For example, the protocol hardware may send, upon completionof the installation of the transmission key on the protocol hardware andto the data plane daemon, a message indicating that installation of thetransmission key on the protocol hardware is complete.

As shown by reference number 175, the data plane daemon may send, to theprotocol daemon, a notification indicating that the transmission key isinstalled on the protocol hardware (e.g., based on determining thatinstallation of the transmission key on the protocol hardware iscomplete). As shown by reference number 180, the protocol daemon mayprovide (e.g., send, transmit, forward, and/or the like), to the keyserver network device, a second acknowledgment message (e.g., based onreceiving the notification indicating that the transmission key isinstalled on the protocol hardware). The second acknowledgment messagemay indicate that the transmission key is installed on the peer networkdevice.

As shown in FIG. 1J, a first endpoint device of the plurality ofendpoint devices (e.g., an origination endpoint device) may send, to thekey server network device, traffic that is destined for a secondendpoint device (e.g., a destination endpoint device). As shown byreference number 185, the key server network device may, based onreceiving the first acknowledgment message (e.g., indicating that thereceiving key is installed on the peer network device) and using thetransmission key, encrypt the traffic to generate encrypted traffic. Asshown by reference number 190, the key server network device may provide(e.g., send, route, forward, and/or the like) the encrypted traffic tothe peer network device. As shown by reference number 195, the peernetwork device may decrypt, using the receiving key, the encryptedtraffic. In some implementations, the peer network device may send thetraffic (e.g., after decrypting the traffic) to the second endpointdevice.

As indicated above, FIGS. 1A-1J are provided as an example. Otherexamples may differ from what is described with regard to FIGS. 1A-1J.The number and arrangement of devices shown in FIGS. 1A-1J are providedas an example. In practice, there may be additional devices, fewerdevices, different devices, or differently arranged than those shown inFIGS. 1A-1J. Furthermore, two or more devices shown in FIGS. 1A-1J maybe implemented within a single device, or a single device shown in FIGS.1A-1J may be implemented as multiple, distributed devices. Additionally,or alternatively, a set of devices (e.g., one or more devices) shown inFIGS. 1A-1J may perform one or more functions described as beingperformed by another set of devices shown in FIGS. 1A-1J.

FIG. 2 is a diagram of an example environment 200 in which systemsand/or methods described herein may be implemented. As shown in FIG. 2,environment 200 may include one or more endpoint devices 210, one ormore network devices 220 (shown as network device 220-1 through networkdevice 220-N, where N≥1), and a network 230. Devices of environment 200may interconnect via wired connections, wireless connections, or acombination of wired and wireless connections.

Endpoint device 210 includes one or more devices capable of receiving,generating, storing, processing, and/or providing information, such asinformation described herein. For example, endpoint device 210 mayinclude a mobile phone (e.g., a smart phone, a radiotelephone, and/orthe like), a laptop computer, a tablet computer, a desktop computer, ahandheld computer, a gaming device, a wearable communication device(e.g., a smart watch, a pair of smart glasses, a heart rate monitor, afitness tracker, smart clothing, smart jewelry, a head mounted display,and/or the like), a network device, or a similar type of device. In someimplementations, endpoint device 210 may receive network traffic fromand/or may provide network traffic to other endpoint devices 210 vianetwork 230 (e.g., by routing packets using network devices 220 asintermediaries).

Network device 220 includes one or more devices capable of receiving,processing, storing, routing, and/or providing traffic (e.g., a packet,other information or metadata, and/or the like) in a manner describedherein. For example, network device 220 may include a router, such as alabel switching router (LSR), a label edge router (LER), an ingressrouter, an egress router, a provider router (e.g., a provider edgerouter, a provider core router, and/or the like), a virtual router,and/or the like. Additionally, or alternatively, network device 220 mayinclude a gateway, a switch, a firewall, a hub, a bridge, a reverseproxy, a server (e.g., a proxy server, a cloud server, a data centerserver, and/or the like), a load balancer, and/or a similar device. Insome implementations, network device 220 may be a key server networkdevice, a peer network device, and/or the like.

In some implementations, network device 220 may be a physical deviceimplemented within a housing, such as a chassis. In someimplementations, network device 220 may be a virtual device implementedby one or more computer devices of a cloud computing environment or adata center. In some implementations, a group of network devices 220 maybe a group of data center nodes that are used to route traffic flowthrough network 230.

Network 230 includes one or more wired and/or wireless networks. Forexample, network 230 may include a cellular network (e.g., a fifthgeneration (5G) network, a fourth generation (4G) network, such as along-term evolution (LTE) network, a third generation (3G) network, acode division multiple access (CDMA) network, a public land mobilenetwork (PLMN), a local area network (LAN), a wide area network (WAN), ametropolitan area network (MAN), a telephone network (e.g., the PublicSwitched Telephone Network (PSTN)), a private network, an ad hocnetwork, an intranet, the Internet, a fiber optic-based network, a cloudcomputing network, or the like, and/or a combination of these or othertypes of networks.

The number and arrangement of devices and networks shown in FIG. 2 areprovided as one or more examples. In practice, there may be additionaldevices and/or networks, fewer devices and/or networks, differentdevices and/or networks, or differently arranged devices and/or networksthan those shown in FIG. 2. Furthermore, two or more devices shown inFIG. 2 may be implemented within a single device, or a single deviceshown in FIG. 2 may be implemented as multiple, distributed devices.Additionally, or alternatively, a set of devices (e.g., one or moredevices) of environment 200 may perform one or more functions describedas being performed by another set of devices of environment 200.

FIG. 3 is a diagram of example components of a device 300. Device 300may correspond to endpoint device 210 and/or network device 220. In someimplementations, endpoint device 210 and/or network device 220 mayinclude one or more devices 300 and/or one or more components of device300. As shown in FIG. 3, device 300 may include a bus 310, a processor320, a memory 330, a storage component 340, an input component 350, anoutput component 360, and a communication interface 370.

Bus 310 includes a component that permits communication among thecomponents of device 300. Processor 320 is implemented in hardware,firmware, or a combination of hardware and software. Processor 320 is acentral processing unit (CPU), a graphics processing unit (GPU), anaccelerated processing unit (APU), a microprocessor, a microcontroller,a digital signal processor (DSP), a field-programmable gate array(FPGA), an application-specific integrated circuit (ASIC), or anothertype of processing component. In some implementations, processor 320includes one or more processors capable of being programmed to perform afunction. Memory 330 includes a random-access memory (RAM), a read onlymemory (ROM), and/or another type of dynamic or static storage device(e.g., a flash memory, a magnetic memory, and/or an optical memory) thatstores information and/or instructions for use by processor 320.

Storage component 340 stores information and/or software related to theoperation and use of device 300. For example, storage component 340 mayinclude a hard disk (e.g., a magnetic disk, an optical disk, amagneto-optic disk, and/or a solid state disk), a compact disc (CD), adigital versatile disc (DVD), a floppy disk, a cartridge, a magnetictape, and/or another type of non-transitory computer-readable medium,along with a corresponding drive.

Input component 350 includes a component that permits device 300 toreceive information, such as via user input (e.g., a touch screendisplay, a keyboard, a keypad, a mouse, a button, a switch, and/or amicrophone). Additionally, or alternatively, input component 350 mayinclude a sensor for sensing information (e.g., a global positioningsystem (GPS) component, an accelerometer, a gyroscope, and/or anactuator). Output component 360 includes a component that providesoutput information from device 300 (e.g., a display, a speaker, and/orone or more LEDs).

Communication interface 370 includes a transceiver-like component (e.g.,a transceiver and/or a separate receiver and transmitter) that enablesdevice 300 to communicate with other devices, such as via a wiredconnection, a wireless connection, or a combination of wired andwireless connections. Communication interface 370 may permit device 300to receive information from another device and/or provide information toanother device. For example, communication interface 370 may include anEthernet interface, an optical interface, a coaxial interface, aninfrared interface, an RF interface, a universal serial bus (USB)interface, a wireless local area interface, a cellular networkinterface, and/or the like.

Device 300 may perform one or more processes described herein. Device300 may perform these processes based on processor 320 executingsoftware instructions stored by a non-transitory computer-readablemedium, such as memory 330 and/or storage component 340. Acomputer-readable medium is defined herein as a non-transitory memorydevice. A memory device includes memory space within a single physicalstorage device or memory space spread across multiple physical storagedevices.

Software instructions may be read into memory 330 and/or storagecomponent 340 from another computer-readable medium or from anotherdevice via communication interface 370. When executed, softwareinstructions stored in memory 330 and/or storage component 340 may causeprocessor 320 to perform one or more processes described herein.Additionally, or alternatively, hardwired circuitry may be used in placeof or in combination with software instructions to perform one or moreprocesses described herein. Thus, implementations described herein arenot limited to any specific combination of hardware circuitry andsoftware.

The number and arrangement of components shown in FIG. 3 are provided asan example. In practice, device 300 may include additional components,fewer components, different components, or differently arrangedcomponents than those shown in FIG. 3. Additionally, or alternatively, aset of components (e.g., one or more components) of device 300 mayperform one or more functions described as being performed by anotherset of components of device 300.

FIG. 4 is a diagram of example components of a device 400. Device 400may correspond to endpoint device 210 and/or network device 220. In someimplementations, endpoint device 210 and/or network device 220 mayinclude one or more devices 400 and/or one or more components of device400. As shown in FIG. 4, device 400 may include one or more inputcomponents 410-1 through 410-A (A≥1) (hereinafter referred tocollectively as input components 410, and individually as inputcomponent 410), a switching component 420, one or more output components430-1 through 430-B (B≥1) (hereinafter referred to collectively asoutput components 430, and individually as output component 430), and acontroller 440.

Input component 410 may be one or more points of attachment for physicallinks and may be one or more points of entry for incoming traffic, suchas packets. Input component 410 may process incoming traffic, such as byperforming data link layer encapsulation or decapsulation. In someimplementations, input component 410 may transmit and/or receivepackets. In some implementations, input component 410 may include aninput line card that includes one or more packet processing components(e.g., in the form of integrated circuits), such as one or moreinterface cards (IFCs), packet forwarding components, line cardcontroller components, input ports, processors, memories, and/or inputqueues. In some implementations, device 400 may include one or moreinput components 410.

Switching component 420 may interconnect input components 410 withoutput components 430. In some implementations, switching component 420may be implemented via one or more crossbars, via busses, and/or withshared memories. The shared memories may act as temporary buffers tostore packets from input components 410 before the packets areeventually scheduled for delivery to output components 430. In someimplementations, switching component 420 may enable input components410, output components 430, and/or controller 440 to communicate withone another.

Output component 430 may store packets and may schedule packets fortransmission on output physical links. Output component 430 may supportdata link layer encapsulation or decapsulation, and/or a variety ofhigher-level protocols. In some implementations, output component 430may transmit packets and/or receive packets. In some implementations,output component 430 may include an output line card that includes oneor more packet processing components (e.g., in the form of integratedcircuits), such as one or more IFCs, packet forwarding components, linecard controller components, output ports, processors, memories, and/oroutput queues. In some implementations, device 400 may include one ormore output components 430. In some implementations, input component 410and output component 430 may be implemented by the same set ofcomponents (e.g., and input/output component may be a combination ofinput component 410 and output component 430).

Controller 440 includes a processor in the form of, for example, a CPU,a GPU, an APU, a microprocessor, a microcontroller, a DSP, an FPGA, anASIC, and/or another type of processor. The processor is implemented inhardware, firmware, or a combination of hardware and software. In someimplementations, controller 440 may include one or more processors thatcan be programmed to perform a function.

In some implementations, controller 440 may include a RAM, a ROM, and/oranother type of dynamic or static storage device (e.g., a flash memory,a magnetic memory, an optical memory, etc.) that stores informationand/or instructions for use by controller 440.

In some implementations, controller 440 may communicate with otherdevices, networks, and/or systems connected to device 400 to exchangeinformation regarding network topology. Controller 440 may createrouting tables based on the network topology information, may createforwarding tables based on the routing tables, and may forward theforwarding tables to input components 410 and/or output components 430.Input components 410 and/or output components 430 may use the forwardingtables to perform route lookups for incoming and/or outgoing packets.

Controller 440 may perform one or more processes described herein.Controller 440 may perform these processes in response to executingsoftware instructions stored by a non-transitory computer-readablemedium. A computer-readable medium is defined herein as a non-transitorymemory device. A memory device includes memory space within a singlephysical storage device or memory space spread across multiple physicalstorage devices.

Software instructions may be read into a memory and/or storage componentassociated with controller 440 from another computer-readable medium orfrom another device via a communication interface. When executed,software instructions stored in a memory and/or storage componentassociated with controller 440 may cause controller 440 to perform oneor more processes described herein. Additionally, or alternatively,hardwired circuitry may be used in place of or in combination withsoftware instructions to perform one or more processes described herein.Thus, implementations described herein are not limited to any specificcombination of hardware circuitry and software.

The number and arrangement of components shown in FIG. 4 are provided asan example. In practice, device 400 may include additional components,fewer components, different components, or differently arrangedcomponents than those shown in FIG. 4. Additionally, or alternatively, aset of components (e.g., one or more components) of device 400 mayperform one or more functions described as being performed by anotherset of components of device 400.

FIG. 5 is a flowchart of an example process 500 associated withfacilitating hitless security key rollover. In some implementations, oneor more process blocks of FIG. 5 may be performed by a first networkdevice (e.g., network device 220). In some implementations, one or moreprocess blocks of FIG. 5 may be performed by another device or a groupof devices separate from or including the first network device, such asan endpoint device (e.g., endpoint device 210), and/or the like.Additionally, or alternatively, one or more process blocks of FIG. 5 maybe performed by one or more components of a device 300, such asprocessor 320, memory 330, storage component 340, input component 350,output component 360, communication interface 370, and/or the like;and/or the like; one or more components of a device 400, such as inputcomponent 410, switching component 420, output component 430, controller440, and/or the like; and/or the like.

As shown in FIG. 5, process 500 may include receiving encryption dataidentifying a receiving key for decrypting traffic, and a transmissionkey for encrypting traffic (block 510). For example, the first networkdevice may receive encryption data identifying a receiving key fordecrypting traffic, and a transmission key for encrypting traffic, asdescribed above.

As further shown in FIG. 5, process 500 may include installing thereceiving key on protocol hardware associated with a data plane of thefirst network device (block 520). For example, the first network devicemay install the receiving key on protocol hardware associated with adata plane of the first network device, as described above.

As further shown in FIG. 5, process 500 may include receiving, from thedata plane of the first network device, a first notification indicatingthat the receiving key is installed on the protocol hardware (block530). For example, the first network device may receive, from the dataplane of the first network device, a first notification indicating thatthe receiving key is installed on the protocol hardware, as describedabove.

As further shown in FIG. 5, process 500 may include providing, to asecond network device, a first key agreement control message identifyingthe receiving key, wherein the first key agreement control message isprovided based on receiving the first notification (block 540). Forexample, the first network device may provide, to a second networkdevice, a first key agreement control message identifying the receivingkey, as described above. In some implementations, the first keyagreement control message is provided based on receiving the firstnotification.

As further shown in FIG. 5, process 500 may include receiving, from thesecond network device, an acknowledgment message indicating that thereceiving key is installed on the second network device (block 550). Forexample, the first network device may receive, from the second networkdevice, an acknowledgment message indicating that the receiving key isinstalled on the second network device, as described above.

As further shown in FIG. 5, process 500 may include installing thetransmission key on the protocol hardware based on receiving theacknowledgment message (block 560). For example, the first networkdevice may install the transmission key on the protocol hardware basedon receiving the acknowledgment message, as described above.

As further shown in FIG. 5, process 500 may include receiving, from thedata plane of the first network device, a second notification indicatingthat the transmission key is installed on the protocol hardware (block570). For example, the first network device may receive, from the dataplane of the first network device, a second notification indicating thatthe transmission key is installed on the protocol hardware, as describedabove.

As further shown in FIG. 5, process 500 may include providing, to thesecond network device, a second key agreement control messageidentifying the transmission key, wherein the second key agreementcontrol message is provided based on receiving the second notification(block 580). For example, the first network device may provide, to thesecond network device, a second key agreement control messageidentifying the transmission key, as described above. In someimplementations, the second key agreement control message is providedbased on receiving the second notification.

Process 500 may include additional implementations, such as any singleimplementation or any combination of implementations described belowand/or in connection with one or more other processes describedelsewhere herein.

In a first implementation, the acknowledgment message is based on anadditional notification, received by the second network device and froma data plane of the second network device, indicating that the receivingkey is installed on protocol hardware associated with the data plane ofthe second network device.

In a second implementation, alone or in combination with the firstimplementation, process 500 includes encrypting traffic with thetransmission key based on receiving the acknowledgment message and togenerate encrypted traffic, and providing the encrypted traffic to thesecond network device to cause the second network device to decrypt theencrypted traffic with the receiving key.

In a third implementation, alone or in combination with one or more ofthe first and second implementations, process 500 includes encryptingtraffic with the transmission key based on receiving the otheracknowledgment message and to generate encrypted traffic, and providingthe encrypted traffic to the second network device to cause the secondnetwork device to decrypt the encrypted traffic with the receiving key.

In a fourth implementation, alone or in combination with one or more ofthe first through third implementations, the protocol hardware isassociated with one of a media access control security protocol, or anInternet protocol security protocol.

In a fifth implementation, alone or in combination with one or more ofthe first through fourth implementations, the first network deviceincludes a key server network device and the second network deviceincludes a peer network device.

In a sixth implementation, alone or in combination with one or more ofthe first through fifth implementations, the first notification and thesecond notification enable the first network device to provide securitykey rollover without resulting in traffic loss.

In a seventh implementation, alone or in combination with one or more ofthe first through sixth implementations, receiving the encryption datacomprises receiving the encryption data identifying the receiving keyand the transmission key a particular time period after receiving formersecurity keys.

Although FIG. 5 shows example blocks of process 500, in someimplementations, process 500 may include additional blocks, fewerblocks, different blocks, or differently arranged blocks than thosedepicted in FIG. 5. Additionally, or alternatively, two or more of theblocks of process 500 may be performed in parallel.

FIG. 6 is a flowchart of an example process 600 associated withfacilitating hitless security key rollover. In some implementations, oneor more process blocks of FIG. 6 may be performed by a first networkdevice (e.g., network device 220). In some implementations, one or moreprocess blocks of FIG. 6 may be performed by another device or a groupof devices separate from or including the first network device, such asan endpoint device (e.g., endpoint device 210), and/or the like.Additionally, or alternatively, one or more process blocks of FIG. 6 maybe performed by one or more components of a device 300, such asprocessor 320, memory 330, storage component 340, input component 350,output component 360, communication interface 370, and/or the like;and/or the like; one or more components of a device 400, such as inputcomponent 410, switching component 420, output component 430, controller440, and/or the like; and/or the like.

As shown in FIG. 6, process 600 may include receiving encryption dataidentifying a first key for decrypting traffic, and a second key forencrypting traffic (block 610). For example, the first network devicemay receive encryption data identifying a first key for decryptingtraffic, and a second key for encrypting traffic, as described above.

As further shown in FIG. 6, process 600 may include installing the firstkey on protocol hardware associated with a data plane of the firstnetwork device (block 620). For example, the first network device mayinstall the first key on protocol hardware associated with a data planeof the first network device, as described above.

As further shown in FIG. 6, process 600 may include receiving, from thedata plane, a first notification indicating that the first key isinstalled on the protocol hardware (block 630). For example, the firstnetwork device may receive, from the data plane, a first notificationindicating that the first key is installed on the protocol hardware, asdescribed above.

As further shown in FIG. 6, process 600 may include providing, to asecond network device, a first key agreement control message identifyingthe first key, wherein the first key agreement control message isprovided based on receiving the first notification (block 640). Forexample, the first network device may provide, to a second networkdevice, a first key agreement control message identifying the first key,as described above. In some implementations, the first key agreementcontrol message is provided based on receiving the first notification.

As further shown in FIG. 6, process 600 may include receiving, from thesecond network device, a first acknowledgment message indicating thatthe first key is installed on the second network device (block 650). Forexample, the first network device may receive, from the second networkdevice, a first acknowledgment message indicating that the first key isinstalled on the second network device, as described above.

As further shown in FIG. 6, process 600 may include installing thesecond key on the protocol hardware based on receiving the firstacknowledgment message (block 660). For example, the first networkdevice may install the second key on the protocol hardware based onreceiving the first acknowledgment message, as described above.

As further shown in FIG. 6, process 600 may include receiving, from thedata plane, a second notification indicating that the second key isinstalled on the protocol hardware (block 670). For example, the firstnetwork device may receive, from the data plane, a second notificationindicating that the second key is installed on the protocol hardware, asdescribed above.

As further shown in FIG. 6, process 600 may include providing, to thesecond network device, a second key agreement control messageidentifying the second key, wherein the second key agreement controlmessage is provided based on receiving the second notification (block680). For example, the first network device may provide, to the secondnetwork device, a second key agreement control message identifying thesecond key, as described above. In some implementations, the second keyagreement control message is provided based on receiving the secondnotification.

As further shown in FIG. 6, process 600 may include receiving, from thesecond network device, a second acknowledgment message indicating thatthe second key is installed on the second network device (block 690).For example, the first network device may receive, from the secondnetwork device, a second acknowledgment message indicating that thesecond key is installed on the second network device, as describedabove.

Process 600 may include additional implementations, such as any singleimplementation or any combination of implementations described belowand/or in connection with one or more other processes describedelsewhere herein.

In a first implementation, receiving the encryption data includesreceiving the encryption data identifying the first key and the secondkey after a quantity of packets is processed with former security keys.

In a second implementation, alone or in combination with the firstimplementation, the second network device is included in a plurality ofpeer network devices associated with the first network device, andprocess 600 includes receiving, from the plurality of peer networkdevices, a plurality of acknowledgment messages indicating that thefirst key is installed on each of the plurality of peer network devices,and encrypting traffic with the second key based on receiving theplurality of acknowledgment messages and to generate encrypted traffic.

In a third implementation, alone or in combination with one or more ofthe first and second implementations, process 600 includes providing theencrypted traffic to one or more of the plurality of peer networkdevices, to cause the one or more of the plurality of peer networkdevices to decrypt the encrypted traffic with the first key.

In a fourth implementation, alone or in combination with one or more ofthe first through third implementations, the first notification and thesecond notification enable the first network device to provide securitykey rollover with zero packet loss.

In a fifth implementation, alone or in combination with one or more ofthe first through fourth implementations, installing the first key onthe protocol hardware comprises programming the first key into theprotocol hardware.

In a sixth implementation, alone or in combination with one or more ofthe first through fifth implementations, installing the second key onthe protocol hardware based on receiving the first acknowledgmentmessage comprises programming the second key into the protocol hardwareafter receiving the first acknowledgment message.

Although FIG. 6 shows example blocks of process 600, in someimplementations, process 600 may include additional blocks, fewerblocks, different blocks, or differently arranged blocks than thosedepicted in FIG. 6. Additionally, or alternatively, two or more of theblocks of process 600 may be performed in parallel.

FIG. 7 is a flowchart of an example process 700 associated withfacilitating hitless security key rollover for security keys. In someimplementations, one or more process blocks of FIG. 7 may be performedby another device or a group of devices separate from or including thefirst network device, such as an endpoint device (e.g., endpoint device210), and/or the like. Additionally, or alternatively, one or moreprocess blocks of FIG. 7 may be performed by one or more components of adevice 300, such as processor 320, memory 330, storage component 340,input component 350, output component 360, communication interface 370,and/or the like; and/or the like; one or more components of a device400, such as input component 410, switching component 420, outputcomponent 430, controller 440, and/or the like; and/or the like.

As shown in FIG. 7, process 700 may include receiving encryption dataidentifying a receiving key for decrypting traffic and a transmissionkey for encrypting traffic (block 705). For example, the first networkdevice may receive encryption data identifying a receiving key fordecrypting traffic and a transmission key for encrypting traffic, asdescribed above.

As further shown in FIG. 7, process 700 may include installing thereceiving key on protocol hardware associated with a data plane of thefirst network device (block 710). For example, the first network devicemay install the receiving key on protocol hardware associated with adata plane of the first network device, as described above.

As further shown in FIG. 7, process 700 may include receiving, from thedata plane, a first notification indicating that the receiving key isinstalled on the protocol hardware (block 715). For example, the firstnetwork device may receive, from the data plane, a first notificationindicating that the receiving key is installed on the protocol hardware,as described above.

As further shown in FIG. 7, process 700 may include providing, to asecond network device, a first key agreement control message identifyingthe receiving key, wherein the first key agreement control message isprovided based on receiving the first notification (block 720). Forexample, the first network device may provide, to a second networkdevice, a first key agreement control message identifying the receivingkey, as described above. In some implementations, the first keyagreement control message is provided based on receiving the firstnotification.

As further shown in FIG. 7, process 700 may include receiving, from thesecond network device, a first acknowledgment message indicating thatthe receiving key is installed on the second network device (block 725).For example, the first network device may receive, from the secondnetwork device, a first acknowledgment message indicating that thereceiving key is installed on the second network device, as describedabove.

As further shown in FIG. 7, process 700 may include installing thetransmission key on the protocol hardware based on receiving the firstacknowledgment message (block 730). For example, the first networkdevice may install the transmission key on the protocol hardware basedon receiving the first acknowledgment message, as described above.

As further shown in FIG. 7, process 700 may include receiving, from thedata plane, a second notification indicating that the transmission keyis installed on the protocol hardware (block 735). For example, thefirst network device may receive, from the data plane, a secondnotification indicating that the transmission key is installed on theprotocol hardware, as described above.

As further shown in FIG. 7, process 700 may include providing, to thesecond network device, a second key agreement control messageidentifying the transmission key, wherein the second key agreementcontrol message is provided based on receiving the second notification(block 740). For example, the first network device may provide, to thesecond network device, a second key agreement control messageidentifying the transmission key, as described above. In someimplementations, the second key agreement control message is providedbased on receiving the second notification.

As further shown in FIG. 7, process 700 may include receiving, from thesecond network device, a second acknowledgment message indicating thatthe transmission key is installed on the second network device (block745). For example, the first network device may receive, from the secondnetwork device, a second acknowledgment message indicating that thetransmission key is installed on the second network device, as describedabove.

As further shown in FIG. 7, process 700 may include encrypt traffic withthe transmission key based on receiving the first acknowledgment messageand to generate encrypted traffic (block 750). For example, the firstnetwork device may encrypt traffic with the transmission key based onreceiving the first acknowledgment message and to generate encryptedtraffic, as described above.

As further shown in FIG. 7, process 700 may include providing theencrypted traffic to the second network device to cause the secondnetwork device to decrypt the encrypted traffic with the receiving key(block 755). For example, the first network device may provide theencrypted traffic to the second network device to cause the secondnetwork device to decrypt the encrypted traffic with the receiving key,as described above.

Process 700 may include additional implementations, such as any singleimplementation or any combination of implementations described belowand/or in connection with one or more other processes describedelsewhere herein.

In a first implementation, receiving the encryption data comprisesreceiving the encryption data identifying the receiving key and thetransmission key a particular time period after receiving formersecurity keys or after a quantity of packets is processed with theformer security keys.

In a second implementation, alone or in combination with the firstimplementation, the first notification and the second notificationenable the first network device to provide security key rollover withzero packet loss.

In a third implementation, alone or in combination with one or more ofthe first and second implementations, installing the receiving key onthe protocol hardware includes programming the receiving key into theprotocol hardware.

In a fourth implementation, alone or in combination with one or more ofthe first through third implementations, installing the transmission keyon the protocol hardware based on receiving the first acknowledgmentmessage includes programming the transmission key into the protocolhardware after receiving the first acknowledgment message.

In a fifth implementation, alone or in combination with one or more ofthe first through fourth implementations, the first acknowledgmentmessage is based on a third notification indicating that the receivingkey is installed on protocol hardware associated with a data plane ofthe second network device.

Although FIG. 7 shows example blocks of process 700, in someimplementations, process 700 may include additional blocks, fewerblocks, different blocks, or differently arranged blocks than thosedepicted in FIG. 7. Additionally, or alternatively, two or more of theblocks of process 700 may be performed in parallel.

The foregoing disclosure provides illustration and description, but isnot intended to be exhaustive or to limit the implementations to theprecise form disclosed. Modifications and variations may be made inlight of the above disclosure or may be acquired from practice of theimplementations.

As used herein, the term “component” is intended to be broadly construedas hardware, firmware, or a combination of hardware and software.

As used herein, traffic or content may include a set of packets. Apacket may refer to a communication structure for communicatinginformation, such as a protocol data unit (PDU), a service data unit(SDU), a network packet, a datagram, a segment, a message, a block, aframe (e.g., an Ethernet frame), a portion of any of the above, and/oranother type of formatted or unformatted unit of data capable of beingtransmitted via a network.

It will be apparent that systems and/or methods described herein may beimplemented in different forms of hardware, firmware, and/or acombination of hardware and software. The actual specialized controlhardware or software code used to implement these systems and/or methodsis not limiting of the implementations. Thus, the operation and behaviorof the systems and/or methods are described herein without reference tospecific software code—it being understood that software and hardwarecan be used to implement the systems and/or methods based on thedescription herein.

Even though particular combinations of features are recited in theclaims and/or disclosed in the specification, these combinations are notintended to limit the disclosure of various implementations. In fact,many of these features may be combined in ways not specifically recitedin the claims and/or disclosed in the specification. Although eachdependent claim listed below may directly depend on only one claim, thedisclosure of various implementations includes each dependent claim incombination with every other claim in the claim set.

No element, act, or instruction used herein should be construed ascritical or essential unless explicitly described as such. Also, as usedherein, the articles “a” and “an” are intended to include one or moreitems, and may be used interchangeably with “one or more.” Further, asused herein, the article “the” is intended to include one or more itemsreferenced in connection with the article “the” and may be usedinterchangeably with “the one or more.” Furthermore, as used herein, theterm “set” is intended to include one or more items (e.g., relateditems, unrelated items, a combination of related and unrelated items,etc.), and may be used interchangeably with “one or more.” Where onlyone item is intended, the phrase “only one” or similar language is used.Also, as used herein, the terms “has,” “have,” “having,” or the like areintended to be open-ended terms. Further, the phrase “based on” isintended to mean “based, at least in part, on” unless explicitly statedotherwise. Also, as used herein, the term “or” is intended to beinclusive when used in a series and may be used interchangeably with“and/or,” unless explicitly stated otherwise (e.g., if used incombination with “either” or “only one of”).

What is claimed is:
 1. A method, comprising: receiving, by a firstnetwork device, encryption data identifying: a receiving key fordecrypting traffic, and a transmission key for encrypting traffic;installing, by the first network device, the receiving key on protocolhardware associated with a data plane of the first network device;receiving, from the data plane of the first network device, a firstnotification indicating that the receiving key is installed on theprotocol hardware; providing, by the first network device and to asecond network device, a first key agreement control message identifyingthe receiving key, wherein the first key agreement control message isprovided based on receiving the first notification; receiving, by thefirst network device and from the second network device, anacknowledgment message indicating that the receiving key is installed onthe second network device; installing, by the first network device, thetransmission key on the protocol hardware based on receiving theacknowledgment message; receiving, from the data plane of the firstnetwork device, a second notification indicating that the transmissionkey is installed on the protocol hardware; and providing, by the firstnetwork device and to the second network device, a second key agreementcontrol message identifying the transmission key, wherein the second keyagreement control message is provided based on receiving the secondnotification.
 2. The method of claim 1, wherein the acknowledgmentmessage is based on an additional notification, received by the secondnetwork device and from a data plane of the second network device,indicating that the receiving key is installed on protocol hardwareassociated with the data plane of the second network device.
 3. Themethod of claim 2, further comprising: encrypting traffic with thetransmission key based on receiving the acknowledgment message and togenerate encrypted traffic; and providing the encrypted traffic to thesecond network device to cause the second network device to decrypt theencrypted traffic with the receiving key.
 4. The method of claim 1,wherein the protocol hardware is associated with one of: a media accesscontrol security protocol, or an Internet protocol security protocol. 5.The method of claim 1, wherein the first network device includes a keyserver network device and the second network device includes a peernetwork device.
 6. The method of claim 1, wherein the first notificationand the second notification enable the first network device to providesecurity key rollover without resulting in traffic loss.
 7. The methodof claim 1, wherein receiving the encryption data comprises: receivingthe encryption data identifying the receiving key and the transmissionkey a particular time period after receiving former security keys.
 8. Afirst network device, comprising: one or more memories; and one or moreprocessors to: receive encryption data identifying: a first key fordecrypting traffic, and a second key for encrypting traffic; install thefirst key on protocol hardware associated with a data plane of the firstnetwork device; receive, from the data plane, a first notificationindicating that the first key is installed on the protocol hardware;provide, to a second network device, a first key agreement controlmessage identifying the first key, wherein the first key agreementcontrol message is provided based on receiving the first notification;receive, from the second network device, a first acknowledgment messageindicating that the first key is installed on the second network device;install the second key on the protocol hardware based on receiving thefirst acknowledgment message; receive, from the data plane, a secondnotification indicating that the second key is installed on the protocolhardware; provide, to the second network device, a second key agreementcontrol message identifying the second key, wherein the second keyagreement control message is provided based on receiving the secondnotification; and receive, from the second network device, a secondacknowledgment message indicating that the second key is installed onthe second network device.
 9. The first network device of claim 8,wherein the one or more processors, when receiving the encryption data,are to: receive the encryption data identifying the first key and thesecond key after a quantity of packets is processed with former securitykeys.
 10. The first network device of claim 8, wherein the secondnetwork device is included in a plurality of peer network devicesassociated with the first network device, and the one or more processorsare further to: receive, from the plurality of peer network devices, aplurality of acknowledgment messages indicating that the first key isinstalled on each of the plurality of peer network devices; and encrypttraffic with the second key based on receiving the plurality ofacknowledgment messages and to generate encrypted traffic.
 11. The firstnetwork device of claim 10, wherein the one or more processors arefurther to: provide the encrypted traffic to one or more of theplurality of peer network devices to cause the one or more of theplurality of peer network devices to decrypt the encrypted traffic withthe first key.
 12. The first network device of claim 8, wherein thefirst notification and the second notification enable the first networkdevice to provide security key rollover with zero packet loss.
 13. Thefirst network device of claim 8, wherein the one or more processors,when installing the first key on the protocol hardware, are to: programthe first key into the protocol hardware.
 14. The first network deviceof claim 8, wherein the one or more processors, when installing thesecond key on the protocol hardware based on receiving the firstacknowledgment message, are to: program the second key into the protocolhardware after receiving the first acknowledgment message.
 15. Anon-transitory computer-readable medium storing instructions, theinstructions comprising: one or more instructions that, when executed byone or more processors of a first network device, cause the one or moreprocessors to: receive encryption data identifying a receiving key fordecrypting traffic and a transmission key for encrypting traffic;install the receiving key on protocol hardware associated with a dataplane of the first network device; receive, from the data plane, a firstnotification indicating that the receiving key is installed on theprotocol hardware; provide, to a second network device, a first keyagreement control message identifying the receiving key, wherein thefirst key agreement control message is provided based on receiving thefirst notification; receive, from the second network device, a firstacknowledgment message indicating that the receiving key is installed onthe second network device; install the transmission key on the protocolhardware based on receiving the first acknowledgment message; receive,from the data plane, a second notification indicating that thetransmission key is installed on the protocol hardware; provide, to thesecond network device, a second key agreement control messageidentifying the transmission key, wherein the second key agreementcontrol message is provided based on receiving the second notification;receive, from the second network device, a second acknowledgment messageindicating that the transmission key is installed on the second networkdevice; encrypt traffic with the transmission key based on receiving thefirst acknowledgment message and to generate encrypted traffic; andprovide the encrypted traffic to the second network device to cause thesecond network device to decrypt the encrypted traffic with thereceiving key.
 16. The non-transitory computer-readable medium of claim15, wherein the one or more instructions, that cause the one or moreprocessors to receive the encryption data, cause the one or moreprocessors to: receive the encryption data identifying the receiving keyand the transmission key a particular time period after receiving formersecurity keys or after a quantity of packets is processed with theformer security keys.
 17. The non-transitory computer-readable medium ofclaim 15, wherein the first notification and the second notificationenable the first network device to provide security key rollover withzero packet loss.
 18. The non-transitory computer-readable medium ofclaim 15, wherein the one or more instructions, that cause the one ormore processors to install the receiving key on the protocol hardware,cause the one or more processors to: program the receiving key into theprotocol hardware.
 19. The non-transitory computer-readable medium ofclaim 15, wherein the one or more instructions, that cause the one ormore processors to install the transmission key on the protocol hardwarebased on receiving the first acknowledgment message, cause the one ormore processors to: program the transmission key into the protocolhardware after receiving the first acknowledgment message.
 20. Thenon-transitory computer-readable medium of claim 15, wherein the firstacknowledgment message is based on a third notification indicating thatthe receiving key is installed on protocol hardware associated with adata plane of the second network device.